Blackberry Enterprise Server 5.0 = FAIL

November 27, 2010 By Leif Hurst 3 Comments

I have ran across some difficult software in my life… teaching myself photoshop & SQL, learning autoCAD at a previous job, or even working with the Crestron proprietary automation software for my home. These are all “Elmo Learns to Read” compared to Blackberry’s latest bastard, BES 5.0.

In a world where most every other mobile device manufacturer has adopted activesync, making most admin’s life easier, Blackberry in their infinite wisdom has stuck with their own method of connecting to RIM devices.

Now I know what you’re saying, activesync can’t do what BES can, and you are right. You can’t lock down the camera, you can’t “brick” the device (wipe yes, but brick, no), you can’t scale your own policy to have the phone to do exactly what you need it to do. But for a non-government, non-research corporation like the one I work for, these features are useless. If it’s not easy to use and easy to administer, people aren’t going to use it. It’s no wonder RIM is losing marketshare to both apple and google-enabled phones at a dramatic rate.

So in our environment of 40 users, I have seen RIM devices fall from 15 total users back in 2008 to 5 in 2010 and now 4 as of this week. The majority of our employees favor both Apple and Android devices and from an administration perspective, make my life much easier. With Exchange 2010 I can manage my wireless users and their company data from the Exchange System Manager (ESM) much like we could with BES 4.x. With the move to Win2008 and Exchange 2010 I had to move our BES to the new 5.0 interface. This has been hell to say the least. In what takes 5 minutes to setup an activesync policy it took nearly 14 hours, 4 installs, and several calls to RIM to setup BES 5.0. This is without getting into the usual steps of BESAdmin Policy Permissions as much of that migrated forward from the previous Exchange2003/BES 4.x environment.

By no means am I a fanboy either. I personally use an iPhone 4 but it’s not God’s phone by any means either. I’m impressed the most the latest Android based phones and love the EVO and the Galaxy S. I advocate what is easy for the user to use, reliably works, and can be folded into our network with ease.

At the end of all of it, I have declared our office a non-RIM zone. We will continue to support our few RIM users remaining but we will no longer add any additional or replacement devices until RIM makes their products easier to use from both the user and the administrator side. Goodbye syncing issues, goodbye resending service books, goodbye goofy ‘sendas’ permissions, goodbye having to wipe a device to re-setup enterprise activation, and finally goodbye terrible trackball devices.

Image courtesy of zazzle

Filed Under: Advice, Computer, Random Thoughts, Server Tagged With: blackberry, enterprise server, fail, Mobile device, sucks

Lessons Learned While Migrating to Exchange 2010

October 7, 2010 By Leif Hurst Leave a Comment

I recently upgraded our mail server at work from a Windows 2003 box running Exchange 2003 to a 64-bit Windows 2008 box running Exchange 2010. There were some things that were extremely well documented both online and an e-book I bought called Exchange Server 2010 Unleashed but there are a few issues that I think you just needed to “figure out.”

I started this migration with the intention that it was going to be a slow process spanning several weeks. I would migrate something over like Active Directory, DNS, DHCP, and finally the mailstore all while waiting a few days after each feature/role was moved looking for any issues that may come up. Microsoft calls this type of migration where the organization has both an Exchange 2003/2007 box and an Exchange 2010 box at the same time “coexistance.”

This was my first time doing an exchange migration in a production environment and I had already ran a small sandbox lab to try to work out the kinks that typically come up during a migration of this size. Our organization, an insurance agency, isn’t huge (~45 mailboxes) but does present some specific issues in that users are pretty much given free roam in regards to email box size. Due to the possibility of an errors & omissions claim (saying we didn’t get an email to change a policy and it never gets done, claim happens, no coverage) it’s difficult to stop sending or receiving email when a user’s email box gets to a certain size. It really is not surprising to have a user with a 8GB email box with 40,000-50,000 emails. I knew this might be an issue in the migration but was glad to see that exchange could natively move these mailboxes with a local move request in the Exchange Management Shell (EMC).

Here are a few other surprises (some good, some bad) that I learned along the way:

Office Functionality – Our office uses a mix of Office 2003 and Office 2007, but primarily Office 2003 at 90% of the desks. The number one thing that I wish I would have known was that with Office 2003 users get greeted with the occassional error message of “Unknown Error” when deleting several items at repeatedly one after the other (“delete” “delete” “delete”). Other issues were that deleted items would take over a minute to disappear from the inbox, would take over a minute to send and a few other “quirks” in regards to timing with the server. From all the research I had done this occurs because the way outlook connects to Microsoft Exchange significantly from Office 2003 to Office 2007/2010 for users that are “always connected” meaning they’re not in cached mode. Office/Exchange 2003 connected using UDP and polling where as Office/Exchange 2010 started using just async. Office 2007 supports all connection methods across Exchange 2003/2007/2010. Even when the account is setup as always connected, the server only connects with each Outlook 2003 client every 60 seconds by default. This can be changed via registry hack that can be found here.
Public Folders – Public folders were initially dropped back in Exchange 2007 but were reintroduced with Exchange 2007 SP1. Exchange 2010 came out of the box supporting public folders but the word from Microsoft is that they have a 10 year shelf life left. Users are expected to run a sharepoint site (which we do but not for public contacts) in conjunction with your Exchange environment. Our public data store wasn’t huge by any means but it was absolutely critical to keep the work flow going at each desk. The issue I ran into specifically is that we were using a smart host on our SMTP virtual connector to let our ISP do the reverse DNS for us. When ever you enable public folder replication, where the folders are going to sync up across two servers, our old 2003 server was trying to sync the public folder information through the smart host, not the server that was sitting under it. Simply removing the smart host (and calling our ISP to set reverse DNS) solved the issue for us.
Default e-mail address policies - This is one of those things that you just think would come over correctly or at least would be defaulted to disabled. Exchange 2010 comes with a default email address policy already setup and enabled. As you move users over their reply email address is going to change to whatever that policy states. We use a first.last@ naming convention and the default policy states firstinitiallastname@ convention. I had this naming convention setup as an alias already for most of our users but 6 slipped through and it took me about a few hours to figure it out. Users were getting new emails but not reply emails because the reply was an address that had not been configured as an email for that user.
Journaling – We had journaling turned on in our previous exchange environment, where basically all outbound and inbound email get bcc’d to an exchange mailbox that gets backed up monthly to a .pst, but the migration process did not see this and left journaling turned off. You can simply turn it back on by creating a journal rule in EMC found under “Organization Configuration” and “Hub Transport.”
Calendar Permissions – What a bear this was. None of the existing calendar permissions came over during migration and everything had to be reconfigured. We have two groups, “management” and “users.” Management has ownership permissions for everyone and users have read free/busy for everyone. We had to set this with some simple powershell commands that I found on a blog here. I really should have spent the time to make this into a script but I ended up just running a the same powershell commands over and over with different combination of users and identities.
Blackberry Enterprise Server - This surprised me the most of all… our BES server continued to work regardless if the user was on the Exchange 2003 or the Exchange 2010 box as long as there is a send connector setup in the organization configuration and hub transport . I really expected BES to stop sending once I moved a user but I can confirm that it works (at least with version 4.x). I still need to install version 5.0 on the new server to fully decommission the old server.
Faxmaker - We’re heavy fax users as an industry. It drives me nuts. We have a ton of commercial clients and companies that still prefer fax over email so the 2,000 dollars in PCI fax cards will not come over to my new Dell R710 server as the only slots I have are all PCI-e. This is more of a server buying issue and I should have known this going in but the lesson was learned. Surprisingly like blackberry, faxmaker continues to work for all of our users even though they’re not located on the same physical machine as the faxmaker program. I’m really looking for recommendations on a software based fax system that can be used both here and for our users on VPN

Well that’s it for now… I will write some new blogs if I find anything else out that isn’t working well for us or I discover some shortcuts to save time doing tasks. I do want to give a special thanks to entity known as “Vertigo” out on the internets for giving me some support over IM as I bumped into issues. There is no way I could have done this as successfully without his help.

Overall I’m extremely impressed with Exchange 2010 and the EMC and powershell are EXCELLENT tools versus the old Server Manager snap-in we used in Exchange 2003. Good luck with your migration and please post a reply if you ran into any issues during your migration!

Filed Under: Computer, Server Tagged With: 2008, 64-bit, Exchange 2008, lessons, migration, plan, Server, Windows

How to backup Microsoft Sharepoint using the built in GUI

January 27, 2010 By Leif Hurst Leave a Comment

Seems easy but I get this question a lot. You need to backup Sharepoint “on-the-fly.” Maybe you’ve made some changes, maybe you’re moving it to another server… in any event, this is how I run a quick backup.

Step 1: Login to the admin site of your Sharepoint site. If you don’t know what this is, it is usually your site name and a specific port. For example http://mysharepointsite:30102 for instance (no reason to click… it’s no such site). If you don’t know this port name look for it in your IIS manager. There should be a site called “SharePoint Central Administrator v3″ right click, manage website, browse… it’ll go to http://localhost:30102. What is important is the port number listed at the end… this is the port number to use for your site. Login with your admin user and pw you specified during setup or for your domain.

Step 2: Click “Operations” on the left-hand menu. This will bring you to your admin menu with all the options we need.

Step 3: You guessed it… we’re going to the “Backup and Restore” section on the right-hand side. Choose “Perform a backup”

Step 4: Now check the box next to the “farm” to select all the areas of Sharepoint to backup then click the button above to “continue to backup operations”

Step 5: Make sure you have “farm” set for content (it should pull over from the previous screen) and then select “full.” I recommend doing a full backup ALWAYS as it’s really not that much room unless you’re running a MASSIVE Sharepoint site. I was doing diff backups for a while but after testing I noticed that one of my diffs was bad (bad admin for not checking result logs!) which hosed my entire restore. Now specify where you want this backup to store. I suggest it be a network store as this will be the place it always wants to store backups from here on out. Sharepoint likes to keep this location static so pick a place on your network that will be around for a while. Now click “ok.”

Step 6: The backup should be running…wait a few minutes and you should see a success message showing that your backup ran succesfully. If for some reason you got a failure on any part, you should do another backup. You will need to find the current backup job in the “Timer Job Definitions” and delete that entry before trying another backup. Backups usually fail because all the Sharepoint services are not running on the server, you have a backup job already running and needs to be deleted in “Timer Job Definitions,” or you have a place specified to store backups that Sharepoint can’t find or is not happy with using.

Have a question or problem… post a response!

Filed Under: Computer, Server, Sharepoint